PT-2015-7728 · Google · Google Picasa

Published

2015-11-09

Updated

2018-10-09

CVE-2015-8096

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Picasa version 3.9.140 Build 239 Google Picasa version 3.9.140 Build 248

Description The issue is related to an integer overflow that triggers a heap-based buffer overflow, potentially allowing remote attackers to execute arbitrary code. This is connected to unspecified vectors related to the "phase one 0x412 tag".

Recommendations For Google Picasa version 3.9.140 Build 239, update to a version that fixes the integer overflow issue. For Google Picasa version 3.9.140 Build 248, update to a version that fixes the integer overflow issue. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189CWE-119

Related Identifiers

CVE-2015-8096

Affected Products

Google Picasa

PT-2015-7728 · Google · Google Picasa

CVE-2015-8096

Weakness Enumeration

Related Identifiers

Affected Products

References · 4